WazirX Suffers $230M Hack Leading to Immediate Withdrawal Freeze

Sentiment Status: Negative

The loss of $230 million is a severe blow to WazirX, which had reported holdings of approximately $500 million in its June proof-of-reserves disclosure.

WazirX, one of India's premier cryptocurrency exchanges, has suspended all withdrawals following a significant security breach. This breach resulted in a staggering $230 million loss, impacting nearly half of the exchange's reserves.

On Thursday 18th, WazirX reported that its multisig wallet, which requires multiple private keys to authorize transactions, had been compromised. This wallet had six signatories, five of whom were from the WazirX team. The breach led to the theft of over 200 different cryptocurrencies, including 5.43 billion SHIB tokens, more than 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens. 

This massive theft was initially reported by blockchain explorer Lookonchain, and Elliptic, a risk-management platform, suggested that the hackers might have ties to North Korea.

The investigation pointed to a discrepancy between the data displayed on the wallet infrastructure firm Liminal’s interface and the transaction’s actual contents. “During the cyber attack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed. We suspect the payload was replaced to transfer wallet control to an attacker”, WazirX explained in a statement.

The loss of $230 million is a severe blow to WazirX, which had reported holdings of approximately $500 million in its June proof-of-reserves disclosure. The company described the breach as a “force majeure event”, stating it was beyond their control. However, they assured users they are leaving no stone unturned to recover the funds. They have blocked a few deposits and reached out to concerned wallets for recovery. "We are in touch with the best resources to help us in this endeavor", the company posted on X.

Other major Indian crypto exchanges, CoinSwitch and CoinDCX, assured their customers that their funds were secure and unaffected by this incident. “Our wallet security remains robust”, tweeted Sumit Gupta, co-founder and CEO of CoinDCX. Ashish Singhal, co-founder and CEO of CoinSwitch, advised crypto investors to be mindful of potential market volatility and exercise caution in their trading and investment activities.

This breach is the latest setback for WazirX, which separated from Binance in early 2023 following a public and high-profile fallout in 2022. Two years after Binance announced it had acquired WazirX, the companies began a dispute over the ownership of the Indian firm. Binance founder Changpeng Zhao stated that the two firms hadn’t been able to conclude the deal and moved to terminate Binance’s businesses with WazirX.

WazirX is now focused on locating and recovering the stolen funds. The company is actively collaborating with authorities and industry experts to track down the hackers and mitigate the damage caused by this unprecedented security breach.